Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
.Distribution Statement A: Approved for public release; DOPSR Case # 20-S-1782 applies. Distribution is unlimited
Security and Access
Results
Developing quantitative measures, implementing metrics monitoring and decision support tools to reduce acquisition risk.
Design
Fabrication
Packaging
V&V
Risk Assessment and MetricsOUSD R&E Trusted & Assured Microelectronics ProgramPOC: Dr. Matthew Casto, T&AM Program Director, [email protected]
Risk Assessment and Metrics
Background Results and ImpactApproach“Data collection and analysis methods must be developed and applied along the entire lifecycle, in a manner that does not introduce significant throughput impact or prohibitive cost penalties, in order to effectively counter security threats that include malicious insertion, fraudulent products, theft of IP, and quality and reliability failures. “ – Dr. Lisa Porter, DUSD R&E, ERI Summit 2019
The supply chain for Commercial off the Shelf (COTs) microelectronics used in DoD systems often includes
oversea components
Risk Assessment and Metrics uses data as a foundation for assessing risk in the microelectronics lifecycle. It is a cross-cutting activity to identify data driven comprehensive metrics for Quantifiable Assurance (QA).
US Cyber Command said today that foreign state-sponsored hacking groups are likely to exploit a major security bug disclosed today in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks.
Planting Tiny Spy Chips in Hardware Can Cost as Little as $200
Obscure & Undetected: Hacking Into Hardware of Mission-Critical Infrastructure Using Side-Channel Attacks
Data Collection
Identifying and collecting applicable data
Mathematical ModelingConduct quantifiable assurance assessment
Integrated Demonstration into PracticeIntegrating models and metrics into real world applications
Pass? Impact
Verification that the device or system reliably functions as intended with the specified provenance.
Model
ModelData
Risk A
ssessment
Risk A
ssessment
Risk A
ssessment
Risk A
ssessment
ModelData
ModelData
ModelData
OUSD R&E T&AM
McLek/Shutterstock
OUSD R&E T&AM
ExtremeTech
Forbes / Global Foundries
ES Components
Projectride.net
O’Reilly
Digital Design
Wikipedia
Wikipedia
chipsetc
Bosch wafer fab
npowert
npowert
dreamstime
sciencestockphotos
notebookcheck
Recent News Articles
DUSD – Deputy Undersecretary of DefenseR&E - Research and EngineeringERI – Electronics Resurgence Initiative
RC- Resistance Capacitance, SIM- Simulation, EMU - Emulation, FE – Front End, BE – Back End, EM – Electromagnetic
Electronics as a Strategic Issue
Program is enabling the move to the Quantifiable Assurance methodology that increases both access and supply security of custom DoD electronics
The supply chain for COTs microelectronics used in DoD systems often includes overseas suppliers, increasing risk to the supply chain
• Risks similar for the broader national security community, banking, critical infrastructure, etc.
Increasing dominance of Asia in microelectronic component manufacturing potentially increases supply chain risk
Significant microelectronic challenges represent a strategic, national-level use
DoD Trusted & Assured Electronics Issue
COTS Electronics Trust & Assurance (DoD & Beyond)
Source: SIA (https://www.semiconductors.org/)
Typical semiconductor production process spans multiple countries:4+ countries, 4+states, 3+ trips around the world, 100 days production time
Beyond Borders: Semiconductors are a Uniquely Global Industry